The real phone hacking scandal is in your pocket

Author

Disclosure statement

Alan Woodward does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

There are now more mobile devices than people on our planet. The amount of personal data we share through mobile devices is also increasing. So it is not surprising that cyber-criminals want a piece of that pie, putting our privacy and finances at risk.

But our growing dependency on mobile devices and their social platforms, which are crucial business and commerce, makes protection against cybercrime even harder. Can governments be expected (or allowed) to police mobile communications in the same way as our streets?

Faster, smarter 4G and 5G technologies present new risks, because they encourage people to use their mobile devices differently. With personal computers and the early years of the internet we learnt to be cautious about security: what email to open, what link to click, who to let in. But that does not translate to how we use mobile devices. A smartphone or tablet feels more personal, almost a part of one’s self. So we are taking risks we have taught ourselves to avoid when using a desktop computer.

As a result, mobile devices have become the target of choice for cyber-criminals who are aware of these casual attitudes. Networks getting faster means devices can be hacked even quicker, with the potential to leak large amounts of personal information before the user realises.

Mobility in itself offers a new dimension of risk. Now we can have location-specific data, which is one of the biggest privacy problems. Recent stories, like that of mobile operator EE selling user data including gender, age, postcode and locations to polling organisations, have highlighted the need to identify what personal data is used, and in what ways.

Most smartphones have bluetooth, which has the potential to suck data from other fixed or mobile devices around them. Let someone through the door into your home or workplace, and they have the ability to steal data, if not suitably protected, just because of their general physical proximity. The more capable our personal devices become, the greater the threat.

Many people never switch off WiFi on their mobile devices. To exploit this, there are off-the-shelf products that can scan your device and tell which other WiFi networks you have used in the past, be that in the coffee shop or office. It is horribly easy to leak data that allows others to build up a picture of your movements.

Governments have a role to play in recognising and responding, but they cannot take responsibility for mistakes made by individuals. Approximately 80% of cybercrime relies upon human weakness. It concerns people being fooled by deceptive emails and web links. If you leave your front door open and you get burgled, then that is your property and your fault.

What governments can do is address potential violations of privacy and insist on clarity from all reputable providers, just as they did with internet cookies in Europe, making it mandatory to give the user a choice about whether to share any information or not. Government needs to stop organisations tracking people’s locations just by default, and make sure this only happens when there is active consent, agreed upon for specific reasons. Apps and websites will ask for personal information, but what for? It is important that any data-gathering is justified and that government ensures users are given explicit and genuine advice on how the data will be used.

Mobile devices present new challenges for privacy and security, not least making people understand that their iPhone is just as vulnerable as their MacBook. But it will only work if government, business and individuals each assume their portion of the responsibility, and we all accept that there may be some trade-offs between traceability and security.

For now, we must all emphasise personal responsibility. The alternative will inevitably be state control. In China the next generation of internet services are being developed with the ability to see the source of all communications, so everything can be traced. This may well be the future for the rest of the world, if we do not act now.